Summary and knowledge check


In this module, you learned about how Microsoft Online Services procure, monitor, and manage subprocessors to help protect data from unauthorized access and inappropriate use.

Now that you have completed this module, you should be able to:

  • Explain how the Supplier Security and Privacy Assurance (SSPA) program helps Microsoft online services protect customer data and personal data.
  • List the types of subprocessors utilized by Microsoft and the access controls employed by each type.
  • Describe how the additional subprocessor requirements of Microsoft's business units limit the number of approved subprocessors and provide an extra layer of protection.
  • List subprocessor onboarding and ongoing subprocessor verification requirements required by the SSPA program.
  • Describe Microsoft commitments to protecting customer data and personal data when a supplier contract ends.

Check your knowledge


What type of subprocessor is used to deliver services to help support, operate, and maintain Microsoft Online Services?


Which statement about Microsoft 365 subprocessor monitoring is accurate?


At the end of an engagement with Microsoft, how long does the subprocessor have to completely return or destroy all data?